Search results

Calibrating laboratories

ISO 17025 is applicable for testing and Calibration laboratories. ISO 17025 has clear Reporting Result requirements in clause 7.8 and specifically for calibration reports in clause 7.8.4 Specific requirements for calibration certificates.

Depending on your activities, certain ISO 17025 requirements will not be relevant, for example, Sampling (clause 7.3); whereas others will need more detail, for example, evaluation of Measurement uncertainty (clause 7.6). Measurement uncertainty must be evaluated for all calibrations and reports. The accreditation body requirements are typically documented, with reference to ILAC (The International Laboratory Accreditation Cooperation) policies and guidelines.

See too, Appendix A3 Demonstrating metrological traceability, where Calibration and measurement capabilities are addressed for calibration laboratories. The Scope must be defined clearly, according to the accreditation body programs.

Furthermore, careful consideration of decision rules must be made as typically for calibration, a statement of conformity to a specification or standard for the calibration (e.g. pass/fail, in-tolerance/out-of-tolerance), is made. For more information refer to https://ilac.org/publications-and-resources/ and become familiar with ILAC G8:09/2019 Guidelines on Decision Rules and Statements of Conformity and ILAC P14:09/2020 ILAC Policy for Measurement Uncertainty in Calibration.

Have a look too, at https://advisera.com/iso-17025/, for more information on /iso 17025 requirements.

ITP and Welding Inquiry

We do not have inspection test plans for fabrication and welding. Laboratories that test materials are accredited to ISO 17025 while inspection bodies are to the ISO 17020 standard. ISO 17025 assessment checks are applicable for testing activities, not inspection. It is ISO 17020 that covers the activities of inspection bodies. The test plans of course would cover requirements and standards specific to the welding and fabrication industry. The inspectors in most cases, would also require personal certification, to provide competence assurance. I suggest you contact your professional association / regulatory body for further information.

Prioritizing implementation of ISO 9001 over ISO 17025 in laboratory

ISO 17025 is the applicable standard for a testing or calibration laboratory to claim technical competency for methods on their scope of work. That said, as ISO 17025 is often a voluntarily adopted standard; if it is not a mandatory requirement for a laboratory, they could start with ISO 9001 implementation and achieve ISO 9001 certification whilst implementing the technical aspects of ISO 17025. Once they are working in accordance with ISO 17025, the laboratory can apply for accreditation, if that is a quality objective.

For more information on ISO 17025 refer to Advisera ISO 17025 – Where to Start?

Conformio roles

Please note that at any moment using Conformio you can click in the “Company setting” option in the left panel of your screen and access the link to “Job titles” to find a set of suggested roles to be included in your ISMS according to your needs (Company main executive, Information technology, Information security, Finance, Compliance, Marketing, Legal, Human resources, Office management, and Procurement).

For small companies, you should define at least the Company's main executive and Information security roles. For bigger companies, the roles to be selected will depend on the defined scope. In the case of a bigger company where all company is included in the Information Security scope, maybe you should use all roles. 

An intermediary approach should consider the roles of the Company's main executive, Information technology, Information security, Finance, and Human resources, because they in general cover the most part of the scope. E.g., the HR roles can be responsible for employee’s training and awareness, Finance can be responsible for evaluating and approving security expenses.

Help with certification

From our experience, some companies decide to host files on a server managed by the department that is included in the ISMS scope, but that in most cases companies use cloud services like Google Drive, Dropbox or SharePoint.

For further discussion, you can schedule a meeting with one of our experts.

Register of Requirements and scope

To identify in the register of requirements module which requirements would be applicable to the cloud service host, in the field “To what area is this requirement related?” you need to select the option “Managing security with suppliers and partners”. Additionally, you can write this information in the description field, together with the description of the requirement.

This way, it would be clear that the requirement is applicable to the cloud host.

Please note that when you define that something is in the scope, you can only “let it for later” if you accept all risks related to that element in the scope.

Controls in the SoA that so not show up in the Risk Assessment

You can consider a control applicable in the SoA even if it is not related to the results of risk assessment and treatment if:

• it is required because a legal requirement (e.g., law, regulation, or contract) demands its implementation
• it is required by top management as a good practice

NPI project for IATF

In the new product introduction process (NPI), you should comply with the requirements of clause 8.3 of the IATF 16949:2016 standard. All requests on this subject are specified in sub-items 8.3 and 8.3.

I have listed a few conditions that should be followed on this subject below, but I recommend that you review these relevant articles in detail.

• If you are designing products, design FMEA
• Process FMEA
• Control Plan
• Project Plan
• Feasibility analysis
• Design validity test plan and tests
• Prototype control plan
• Product and process validation records
• MSA and SPC studies
• All PPAP requests
• Customer-specific requirements about it, etc.

• Handling termination and change of employment

  The handling of termination and change of employment can be found in the Statement of Applicability Module, in the Implementation method for control A.6.5 (in case this control is marked as applicable).

  The implementation method in the SoA describes how the company will handle termination and change of employment (a text is suggested, but you can edit it according to you needs).

  In general, conditions that remain valid after the termination or change of employment are defined in the agreements with suppliers and partners, and in the confidentiality statements signed with employees. The clauses for this purpose can be found in the template Security Clauses for Suppliers and Partners. You can find this template in Conformio by clicking the link Documents in the left panel, then clickling in "Templates for Manual Editing".

  For further information, see:

  • What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/